CVE-2016-10115

EUVD-2016-1306
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
netgeararlo_base_station_firmware
𝑥
≤ 1.7.5_6178
netgeararlo_q_camera_firmware
𝑥
≤ 1.8.0_5551
netgeararlo_q_plus_camera_firmware
𝑥
≤ 1.8.1_6094
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/
http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability
http://www.securityfocus.com/bid/95265
http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/
http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability
http://www.securityfocus.com/bid/95265